All my Iota are missing. My current address is: HLMVHVAPWRSCKJQMO9SMVDBOLJHMY9OKQXTWSCVXOJCTGRG9LKOUHLQMS9VYLARCAFNGTMSSZFWQDNOMCGUKCBLDEZ
Opened this issue · 15 comments
Prerequisites
If you are not suggesting a feature, you must be able to check all of the following (place an x inside the brackets to check the box). If you cannot check all of the boxes, this issue should not be reported on GitHub as it is not a bug:
- I confirm that this is an issue with the IOTA Wallet and not an exchange
- I confirm that this is an issue with the wallet, not IRI
- For pending transactions: I confirm that I have tried reattaching and promoting multiple times (check this box if your issue is not related to a pending transaction)
- I confirm that this is not an issue related to stolen/lost funds
- I confirm that this is not a zero balance issue related to a snapshot (last snapshots occurred on October 23 and January 28)
- For private key warnings: I confirm that I am not at risk of reusing an address, or another user has verified that I am not (check this box if your issue is not related to a private key reuse)
- I confirm that this issue is present on the latest version of the wallet
Description
[Description of the bug or feature]
Steps to Reproduce
- [First Step]
- [Second Step]
- [and so on...]
Expected behavior: [What you expected to happen]
Actual behavior: [What actually happened]
Versions
[OS Version]
[Wallet Version]
hey @cryptotom77 were you able to resolve this issue with help from anyone else? I am experiencing the same issue, and while before there were a ton of people jumping to help with issues like this, now it seems we are being blocked from discussing non zero balance issues? well @github helpers ...can we get the address of a site/blog which can help us resolve it? instead of a link to an old article which states that there might be some help if you followed the pre snapshot instructions and then says nothing about people who weren't aware of the snapshot at all. Does it state that we wont be able to touch our balance until some following release of a wallet in the future? It's not clear.
Hey @cryptotom77 , your address is a so called "zero balance" address, which means there is no balance on this address at all. Zero balance addresses don't have to be confirmed. So the pending status is completley normal.
Do you have any other addresses?
Yes. Here are a few other addresses.
WSGAVSPGLSTCFJDB9SCWQZWMTIBQTGFTDIYJRUWQIOEUHUYUDOKBRPD9ZATNMQEFNYXACFFVSMEPLVNABDXTDMQUND
RGDIKUULHEFNFJVXRACXXDCUQONQJIAFBVBFCKLGUMPOTZIRQJSSVXSUCMXDYYHXRWMBEOJQPMEXXSBRAOKOWZEWSA
OUESMSOCDXKDDKGXKVVDMKSGDSDNWMTYZGHPCVSGXUQONTSNQWKJVCZRJQTOWLZNHYR9XYGLUSDMGXBVXCKICGONRX.
My wallet is showing a transaction on 4/04/2018 which I never made. The transaction takes out all the Iota from my wallet. I have no idea how this would have happened as I did not use an online generator to generate my seed. In fact, last time I opened my wallet before last weekend was about 2 months ago.
The transaction hash is:
YQAVWJXCHLWPYYMQTGTDWWFQZYJJLX9YFNXFVSDFKFWAPBSPYYJZVRPIZZEQDNZOKBNAAGFUURYUAGIJDCPCGKLWGGGFY.
Is this a real transaction where someone stole my funds or is this some Iota thing which will be resolved?
My OS version in Mac OS High Sierra. Wallet version is 2.5.7, light wallet, IRI 1.4.2.2
Hey, @cryptotom77 , I had a look into your transaction addresses. Addresses nr. 1 - 3 are all zero value transactions, so they are not of interest.
This address / hash
YQAVWJXCHLWPYYMQTGTDWWFQZYJJLX9YFNXFVSDFKFWAPBSPYYJZVRPIZZEQDNZOKBNAAGFUURYUAGIJDCPCGKLWGGGFY
doesn't exist at all.
Take a look for yourself at https://thetangle.org/ or https://iotasear.ch/.
Do you have the transactions address or hash of the transaction, which takes all your IOTAs out?
Hi Io5tinpr0
Here is the link to the transaction taking out all the Iota out of my wallet:
https://iotasear.ch/transaction/UYIFGOSQIUU9PAMWWNLOAQOPGSWMKKTVVDCM9SXUPYQSHVDGKARJHQDJZPDPOROGLQTBOBLMMLKUA9999
The transaction hash is:
UYIFGOSQIUU9PAMWWNLOAQOPGSWMKKTVVDCM9SXUPYQSHVDGKARJHQDJZPDPOROGLQTBOBLMMLKUA9999
The Iota address which took out all my Iota is:
VWJXCHLWPYYMQTGTDWWFQZYJJLX9YFNXFVSDFKFWAPBSPYYJZVRPIZZEQDNZOKBNAAGFUURYUAGIJDCPC
The above 3 addresses all show as confirmed in my wallet. Here is a list of some other confirmed addresses. I have now 34 addresses in my wallet, some of them confirmed, most are not. How do I determine which ones are non-zero addresses.
This is the first confirmed address after the money was taken out:
DZMSNIMDHPBHADKFKXEMHUBLIYQAF9JCLZBIDEDOVJVTAHHFWCGYFQYOHBLSHZ9TWFDJRJTGLYU9DAWIBTPUJVCACA
These addresses before the money was taken out:
ECMAKAYNKDIEHO99OOQGJMBJ9YIZ9LYCQQGUIBCGB9PFPCAFQUOQJUQEYJJOTKRNIEEKIUGPECGSA9CYXNGAGWZXH9
QHSPKMLVGHLPQAODDVD9WWMOFEWBN9GLKGHYOWHSFPCZRL9XMKKRW9AHLVVTENLBGZLJRMQKWPOHHLUMDWNJFAEZPD
Here is a list of all addresses, confirmed and unconfirmed in my wallet:
YJBPOKDANKEFUFJCXHQFU9ERROSNZZFETQGXHS9IK9HDBUCKNVPISKCOHXFZAFTSDOLYDPYBJPSBBFIQXEHS9FAMNB
TFZQGNYCLFCBWRKMXBKKEWTGOITVEXBTNQDO9JKLDCNFENUFAURQSRFHR9T9R9ULSBCCOJNNWXXGBRNKZFDXEGLWAD
PDNZZVXKCNVTJDAGNJIN9CTGGCMXQWYNVDPFIIEGPMBSEWAIAEDKKQB9GHCS9DRHVUVEAD9DNBJRNE9FAIIIBIIWU9
R9DGJPENOCKYZEG9HIHYOTWGMSTFLDDUXDTSUUVRAZBSHAJGHATCVNONJAVAENELUNJIKHZSIGIIVGKOWWTWEQPFO9
WSGAVSPGLSTCFJDB9SCWQZWMTIBQTGFTDIYJRUWQIOEUHUYUDOKBRPD9ZATNMQEFNYXACFFVSMEPLVNABDXTDMQUND
PMV9XOEPHR9JAXTKLHWBFJZGZETAOEYEDESKFZVDOVVDAGXSNKEVZPSKSIXSXMPIE9DQNGICBCGTWICI9TCHRSZQM9
FVSIBS9YJPFZIEUXKIFK9NOQDDLTTVGKHMDVCECVQG9KBVVLFNTQLYYJCNMEVLDOYTEQIHRCFXMSYXXXAXDFWBZNRZ
E9EB9ZLCGYPLJOEQMMMVAYTRCUFHTSXJ9VPFMWWBDJMBYSIYGGPSRJZVRFTUTFPZDBEEJCMBOZUL9HNCDSCOXXMHFC
TRQHPVTXPKWGNJODANWFWIBMPJZDI9EKEDYRNKWHZ9WPPJOMKJMHQWUGSTVMBKXQCEAXGXIMPVKTLP9IDRZIT9SVPX
WGXJCSHDUCCZGXKTNMZBSHTIOH9NRRZQ9DXJCHM9NUCSRDNTZVULZQUWPNEBGIMZFXQB9GMSDLWZFWRZZSZCCSLNBZ
Q9MIFRELZAETJXUO9LI9AHTUZSFOAOSQSVJMRI9PDOB9LPHFMJZRHMGSBBQCLCWAGWDGMJQNCDNSCVTLWAYTDG9QND
RGDIKUULHEFNFJVXRACXXDCUQONQJIAFBVBFCKLGUMPOTZIRQJSSVXSUCMXDYYHXRWMBEOJQPMEXXSBRAOKOWZEWSA
HLMVHVAPWRSCKJQMO9SMVDBOLJHMY9OKQXTWSCVXOJCTGRG9LKOUHLQMS9VYLARCAFNGTMSSZFWQDNOMCGUKCBLDEZ
9BCMGSJJZPIRPVFSYFCCUDF99JKLTBXFCAULRZOQBXZIJEJBQAXSGBTDMYEYMUNEKDFSNRV9RSIWJR9QYRNSCCPSDD
OUESMSOCDXKDDKGXKVVDMKSGDSDNWMTYZGHPCVSGXUQONTSNQWKJVCZRJQTOWLZNHYR9XYGLUSDMGXBVXCKICGONRX
PDRMGJHEIIKWICUXVORXQYMUKMZELXPKHTQLLN9BNMMJSNYSJTZZRDCZCVPTVPYTUWKRGIOCO9MZIONPZTWUVTXZBW
FCRVRRXLJQQAMVBLHLVMTJ99KVOCI99RDIHLSUYWHKY9FHEFVGZCZKPBEAZRAGLQMPCOCZFV9OBKYUBVDVDXAJRRJD
ECCXNJETUAZXJYQXSFVXKXHDRXPG9TUIUZBKDSZLRABCUOJYP9OGCLQRPKATZVVSMUUDAFZLFNJBSTMHWSAUTTCXDY
DZMSNIMDHPBHADKFKXEMHUBLIYQAF9JCLZBIDEDOVJVTAHHFWCGYFQYOHBLSHZ9TWFDJRJTGLYU9DAWIBTPUJVCACA
ASWCJDBSUDPNSMLJSRAEPDGXQMFZAATKCSDCVU99VJKVSGGHESGKETENTKFXXXYGKN9CK9GUNAQECRLTCVUOOSGFHY
GZRZSILJKETNGELMKJHKPAJBRKQWTQJRCDOZRNOLUKXQ9FPTCKZLAIESBNIE9QVPWEKZSOFYHXWCECDDZNOMBMJKUZ
ECMAKAYNKDIEHO99OOQGJMBJ9YIZ9LYCQQGUIBCGB9PFPCAFQUOQJUQEYJJOTKRNIEEKIUGPECGSA9CYXNGAGWZXH9
QHSPKMLVGHLPQAODDVD9WWMOFEWBN9GLKGHYOWHSFPCZRL9XMKKRW9AHLVVTENLBGZLJRMQKWPOHHLUMDWNJFAEZPD
FKWABHYRVGGLGSPLUGOGSLCFBDZKDNLOHRIVIMXFOCF9AHKDG9DNRSZFUVUKJKTKXFVHOOHGYTNMIPPFBFSBIMWHKW
XQQOSGBB9KPTAMLCLNEDEKYROODYYXNRBZEG9LEUTQXGKRHVKPIRB9ZIPQTYOAVKHOZDGGZGDNUDMGWJDZQVVPBDOW
JHDSOSIXSSD9RSTHAFLTET99HJFRCCKRODIFABSJLZQFZGQSTNWUCSOLFQQGFXCKYPGHNYZRREVUJIKCCCGRVPTBUZ
G9WOPBEMTAI9NYBXWPTXIBVEXJYUPEJLKTP99HVYDCVSRBBDVE9FIHRYDXFMNTFEBZQPINRTTCICQPKUAWHPIQSNUA
ODQCOHSISEYHOELW9OYYKGKWELWWPMCPZHIHGBUQGBV9EVUILTDERIGMIPYJNPRONQBGHKJJKBZCRGVXXVUGYZSBSW
XHKUIGZTCFYUW9DRCKOPQKUFQNKWYN9YUXKEBH9P9TUUHKP9PZNU9LSMHDVEEJXUOYHDULVZYUOLPTXHCLBBXN9HWX
DRDDHYDPJIBVIMXWNWZHLPBZQKWMFGA9MATCBLJIMDBHLHBXCXLCDDQCUFZLWNYGYDFABSILRVXXRCPZDOOXTJDPHC
PHZLAZHVFXE9BRJVOURT9TVADGKVXMQPFGM9HDASXMFUJJN9UZXDMFRJQCARAWOVJYMVWTTCJCU9QOSWWT9EDERQRY
OFNRBOJJSRJRJJPQHUSGUWDDNULGJQYPYPKLPWLFSLISJJVMJUKDTDROKFQWSCPWPOPIPKFLX9QWAIPECEUKMZILR9
ZOW9MXYP9JNMSLEWPLGWIGYBMTCKSKPFZKABTRVURL9AXBQ9KNGHTBQWBYALPKDOPL9MVKHWSGFJOGPHDIWSCUOLQX
HNBEPHITBEHOPVCPMMDDMUFVKPZOXPHGCFTVTOEWSENJUXWUDWQWNNFYXCESZEXIWLOVSNFIMDXQPEHTZNKFEVNSAC
Hey @cryptotom77 , sry for the late response.
I've been looking at some of your addresses. Like I said before. zero value addresses don't have to be confirmed. So it doesn't matter if you have zero value addresses in your tx history that are not confirmed. Usually zero value addresses appear whenever you add a new address to the tangle ("generate new address"). So this is a normal process and a good thing.
How do I determine which ones are non-zero addresses.
You can usually see this right next to your transfers in the history. There should be the amount of the address, at zero value adresses there is always 0.
To the important question: How is it possible that there is a transaction in your history that has sent all your IOTAs from your wallet to another wallet, although you never made this transaction yourself?
I have no idea how this would have happened as I did not use an online generator to generate my seed.
You said you didn't use an online seed generator to create your seed. If I may ask, how did you create your seed? How did you choose the 81 letters and numbers?
There is only one way to control your IOTA wallet and send IOTAs: By knowing the corresponding seed.
Have you ever stored your seed somewhere unprotected? Have you ever sent your seed online, e.g. WhatsApp, Discord, etc.? Is your seed in plain text on your computer?
Why am I asking all this? The transactions of your wallet are all legitimate and technically clean. In this sense, there is no way to send IOTAs without the corresponding seed, i.e. to "hack into a wallet".
Hi lo5tinpr0
Thanks for replying. I created my seed using a phrase followed by a number. I then copied that seed until it was long enough for IOTA. I use LastPass to store my seeds and passwords. I have a long phrase for LassPass password and I also have 2 factor authentication enabled with Google authenticator. When this happened, I haven't accessed my Iota wallet for about 2 months.
Hey @cryptotom77 , how you created your seed should be safe enough. Of course, it's best to use 81 letters and the number 9 by chance.
The way you use LastPass, everything should be fine. Was there ever a way that someone else could have access to your passwords?
Have you ever used your database on a foreign computer?
My guess is someone had access to your seed rather than something is wrong with the IOTA Light Wallet.
No. I have not used my database on a foreign computer. No one knows my password. I do not see any possibility of anyone being able to access my wallet. Additionally, I have numerous wallets on my computer, where all the passwords are stored on LastPass. All wallets have full balances except for Iota.
I did not open the wallet for 2 months before I lost my funds. I went on a vacation and left my laptop in a safe deposit box in the hotel I am staying where I held the key and no one else. I came back on a Monday. I did not open the Iota wallet until Saturday. My funds went missing on Tuesday. So I did not copy and paste my seed until Saturday, 5 days later.
Please tell me what are the possible attack vectors for the Iota network. It is not as simple as the blockchain. I am very doubtful that my wallet was accessed or my seed was taken. I've since installed software on my computer that monitors network traffic and there is nothing strange going on on my computer.
Are you saying that my funds are gone and they will not be recovered?
There's only one way to make transactions: You have to know the corresponding seed.
So far I know of no cases where a seed could be stolen without a user being careless (e.g. online seed generator used, weak seed used, someone else knew the seed...).
I created my seed using a phrase followed by a number. I then copied that seed until it was long enough for IOTA.
Is there any way anyone knows that phrase besides you?
Because this address looks exactly like an address used to collect stolen IOTAs.
Please tell me what are the possible attack vectors for the Iota network.
As far as I know, there has never been a single case in the history of IOTA that someone has been able to hack into a wallet and steal IOTAs on this path.
Are you saying that my funds are gone and they will not be recovered?
Once IOTAs have been technically correctly transferred, there is no way to send them back, unless you know the seed of the recipient address.
So, as far as help is concerned, this issue is closed and my funds have been lost.
I will post this issue on all forums possible to identify the root cause of this issue, whether it is mine or Iota's.
Hey @cryptotom77 , let us know when you find a reason for the lost IOTAs. Until then you can close this issue.
There is a website that is working on a class action suit against Iota foundation for poorly designed system and wallet. Here is the link: